<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Upgrade iRedMail from 0.8.7 to 0.9.0</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-087-to-090">Upgrade iRedMail from 0.8.7 to 0.9.0</h1>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Check out the lightweight on-premises email archiving software developed by iRedMail team: <a href="https://spiderd.io/">Spider Email Archiver</a>.</p>
</div>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-087-to-090">Upgrade iRedMail from 0.8.7 to 0.9.0</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
<li><a href="#update-etciredmail-release-with-iredmail-version-number">Update /etc/iredmail-release with iRedMail version number</a></li>
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</a></li>
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-144">Upgrade iRedAPD (Postfix policy server) to the latest 1.4.4</a></li>
<li><a href="#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release">Upgrade iRedAdmin (open source edition) to the latest stable release</a></li>
<li><a href="#disable-sslv3-support">Disable SSLv3 support</a><ul>
<li><a href="#disable-sslv3-in-apache">Disable SSLv3 in Apache</a></li>
<li><a href="#disable-sslv3-in-postfix">Disable SSLv3 in Postfix</a></li>
<li><a href="#disable-sslv3-in-dovecot">Disable SSLv3 in Dovecot</a></li>
</ul>
</li>
<li><a href="#fix-improper-postfix-setting-in-both-maincf-and-mastercf">Fix improper Postfix setting in both main.cf and master.cf</a></li>
<li><a href="#fix-improper-file-permission-of-amavisd-config-file">Fix improper file permission of Amavisd config file</a></li>
<li><a href="#fix-incorrect-setting-to-enable-daily-cron-job-to-update-spamassassin-rules">Fix incorrect setting to enable daily cron job to update SpamAssassin rules</a></li>
<li><a href="#optional-enable-global-sieve-script-in-dovecot-to-move-spam-to-junk-folder-by-default">[OPTIONAL] Enable global sieve script in Dovecot to move spam to Junk folder by default</a></li>
</ul>
</li>
<li><a href="#openldap-backend-special">OpenLDAP backend special</a><ul>
<li><a href="#fix-improper-ldap-query-command-in-domain-transport-query-file">Fix improper LDAP query command in domain transport query file</a></li>
<li><a href="#add-new-ldap-values-for-existing-mail-users">Add new LDAP values for existing mail users</a></li>
<li><a href="#add-index-for-sql-column-in-amavisd-database">Add index for SQL column in amavisd database</a></li>
</ul>
</li>
<li><a href="#mysql-backend-special">MySQL backend special</a><ul>
<li><a href="#fix-improper-sql-query-command-in-domain-transport-query-file">Fix improper SQL query command in domain transport query file</a></li>
<li><a href="#add-and-remove-sql-columns-in-vmail-and-amavisd-databases">Add and remove SQL columns in vmail and amavisd databases</a></li>
</ul>
</li>
<li><a href="#postgresql-backend-special">PostgreSQL backend special</a><ul>
<li><a href="#fix-improper-sql-query-command-in-domain-transport-query-file_1">Fix improper SQL query command in domain transport query file</a></li>
<li><a href="#add-and-remove-sql-columns-in-vmail-and-amavisd-databases_1">Add and remove SQL columns in vmail and amavisd databases</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="admonition note">
<p class="admonition-title">Remote Upgrade Assistance</p>
<p>Check out our <a href="https://www.iredmail.org/support.html">remote upgrade support</a> if you need assistance.</p>
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>2015-08-19: [All backends] If <code>@lookup_sql_dsn</code> is disabled in Amavisd, you
              can use SQL username/password defined in <code>@storage_sql_dsn</code>
              instead.</li>
<li>2015-01-05: [All backends] [OPTIONAL] Enable global sieve script in Dovecot
              to move spam to Junk folder by default.</li>
</ul>
<hr />
<ul>
<li>2014-12-24: [All backends] Modify type of SQL column <code>policy.policy_name</code> to VARCHAR(255).</li>
<li>2014-12-04: [All backends] Disable SSL v3 in Apache, Postfix, Dovecot.</li>
<li>2014-11-13: [All backends] Add index for SQL column <code>msgs.spam_level</code> in <code>amavisd</code> database.</li>
<li>2014-11-06: <strike>[All backends] Fix improper SQL query command in domain transport query file.</strike></li>
<li>2014-09-09: [All backends] Fix incorrect setting to enable daily cron job to update SpamAssassin rules.</li>
<li>2014-09-09: [All backends] Fix improper permission of Amavisd config file.</li>
<li>2014-07-15: <strike>[All backends] Fix improper Postfix setting in both main.cf and master.cf.</strike></li>
<li>2014-06-19: [All backends] Add index for SQL column <code>policy.policy_name</code> in <code>amavisd</code> database.</li>
<li>2014-06-07:<ul>
<li>[OpenLDAP] Add new value for existing mail users: enabledService=indexer-worker.</li>
<li>[MySQL/PostgreSQL] New SQL column in <code>vmail</code> database: mailbox.enableindexer-worker.</li>
</ul>
</li>
</ul>
<h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
<h3 id="update-etciredmail-release-with-iredmail-version-number">Update /etc/iredmail-release with iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code># File: /etc/iredmail-release

0.9.0
</code></pre>
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</h3>
<p>Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
latest stable release immediately: <a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">How to upgrade Roundcube</a>.</p>
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-144">Upgrade iRedAPD (Postfix policy server) to the latest 1.4.4</h3>
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
<div class="admonition note">
<p class="admonition-title">Important Notes</p>
<ul>
<li>in iRedMail-0.9.0 and future iRedMail releases, we will use
  white/blacklists stored in Amavisd database in Amavisd (after-queue) and
  iRedAPD (before-queue), so you must enable iRedAPD plugin <code>amavisd_wblist</code>.</li>
<li>it's strongly recommended to enable plugin <code>reject_null_sender</code> (as first
  plugin listed in iRedAPD parameter <code>plugins =</code>) to prevent spam.</li>
</ul>
</div>
<p>iRedAPD-1.4.4 fixes several issues and brings some new features:</p>
<ul>
<li>
<p>iRedAPD now works with Postfix parameter <code>smtpd_end_of_data_restrictions</code>
  (smtp protocol state <code>END-OF-MESSAGE</code>).</p>
</li>
<li>
<p>New plugins:</p>
<ul>
<li>
<p><code>reject_null_sender</code>: prevent authenticated user to send spam as null
  sender (<code>from=&lt;&gt;</code> in Postfix log file).</p>
</li>
<li>
<p><code>amavisd_wblist</code>: it uses per-recipient white/blacklists stored in
  Amavisd SQL database to reject emails sent from blacklisted senders and
  bypass whitelisted senders.</p>
<p>White/blacklist could be global (server-wide) setting, per-domain setting,
or per-user setting. Priority: per-user &gt; per-domain &gt; global.</p>
</li>
<li>
<p><code>amavisd_message_size_limit</code>: limit size of single incoming mail.</p>
<p>Message size limit could be global (server-wide) setting, per-domain setting,
or per-user setting. Priority: per-user &gt; per-domain &gt; global.</p>
</li>
</ul>
</li>
<li>
<p>Plugin <code>reject_sender_login_mismatch</code> now will allow user to send as their
  own alias addresses by default. You can still set
  <code>ALLOWED_LOGIN_MISMATCH_STRICTLY = False</code> in iRedAPD config file
  (<code>/opt/iredapd/settings.py</code>) to allow user to send as any sender if you want.</p>
<p>It's recommended to enable this plugin right after plugin <code>reject_null_sender</code>.</p>
</li>
</ul>
<p>Suggested order of above 3 plugins are (if you enabled them):</p>
<pre><code>plugins = ['reject_null_sender', 'reject_sender_login_mismatch', 'amavisd_wblist', ...]
</code></pre>
<div class="admonition note">
<p class="admonition-title">Important Notes</p>
<ul>
<li>
<p>If you want to manage white/blacklists with the latest iRedAdmin-Pro, you
  have to enable plugin <code>amavisd_wblist</code>.</p>
</li>
<li>
<p>Plugin <code>amavisd_wblist</code> and <code>amavisd_message_size_limit</code> requires additional
  database related settings in iRedAPD config file, please set correct values
  for them. You can find SQL database settings in Amavisd config file,
  in parameter <code>@lookup_sql_dsn =</code>, if <code>@lookup_sql_dsn</code> is disabled, you can
  find them in <code>@storage_sql_dsn =</code>.</p>
</li>
</ul>
</div>
<pre><code>amavisd_db_server = '127.0.0.1'
amavisd_db_port = 3306
amavisd_db_name = 'amavisd'
amavisd_db_user = 'amavisd'
amavisd_db_password = 'password'
</code></pre>
<h3 id="upgrade-iredadmin-open-source-edition-to-the-latest-stable-release">Upgrade iRedAdmin (open source edition) to the latest stable release</h3>
<p>Please follow this tutorial to upgrade iRedAdmin open source edition to the
latest stable release: <a href="./migrate.or.upgrade.iredadmin.html">Upgrade iRedAdmin to the latest stable release</a></p>
<h3 id="disable-sslv3-support">Disable SSLv3 support</h3>
<p>I believe you already heard about the <code>POODLE</code> issue of SSL protocol v3.
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This
vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using
a padding oracle side-channel attack. More details are available in the
upstream OpenSSL advisory: <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566">Vulnerability Summary for CVE-2014-3566</a>.</p>
<p>The safest short-term response is to disable SSLv3 support.</p>
<h4 id="disable-sslv3-in-apache">Disable SSLv3 in Apache</h4>
<p>Please add or update <code>SSLProtocol</code> setting in Apache config file like below:</p>
<ul>
<li>on RHEL/CentOS, it's <code>/etc/httpd/conf.d/ssl.conf</code>.</li>
<li>on Debian/Ubuntu, it's <code>/etc/apache2/apache2.conf</code>.</li>
<li>on FreeBSD, it's <code>/usr/local/etc/apache2[X]/httpd.conf</code>. Please replace
  <code>apache2[X]</code> by the real Apache version number here.</li>
</ul>
<pre><code>SSLProtocol ALL -SSLv2 -SSLv3
</code></pre>
<p>Restarting Apache service is required.</p>
<h4 id="disable-sslv3-in-postfix">Disable SSLv3 in Postfix</h4>
<p>Please execute commands below to disable SSLv3 in Postfix:</p>
<pre><code>postconf -e smtpd_tls_protocols='!SSLv2 !SSLv3'
postconf -e smtp_tls_protocols='!SSLv2 !SSLv3'
postconf -e lmtp_tls_protocols='!SSLv2 !SSLv3'
postconf -e smtpd_tls_mandatory_protocols='!SSLv2 !SSLv3'
postconf -e smtp_tls_mandatory_protocols='!SSLv2 !SSLv3'
postconf -e lmtp_tls_mandatory_protocols='!SSLv2 !SSLv3'
</code></pre>
<p>Restarting Postfix service is required.</p>
<h4 id="disable-sslv3-in-dovecot">Disable SSLv3 in Dovecot</h4>
<p>Please add below setting in Dovecot main config file <code>/etc/dovecot/dovecot.conf</code>
(on Linux/OpenBSD) or <code>/usr/local/etc/dovecot/dovecot.conf</code> (on FreeBSD).</p>
<pre><code>ssl_protocols = !SSLv2 !SSLv3
</code></pre>
<p>Restarting Dovecot service is required.</p>
<h3 id="fix-improper-postfix-setting-in-both-maincf-and-mastercf">Fix improper Postfix setting in both main.cf and master.cf</h3>
<p>NOTE: This step is wrong, please do not apply it. If you already applied it,
please revert your changes.</p>
<p>if you send email to user <code>user@domain.com</code> and mail list/alias <code>list@domain.com</code>,
and <code>user@</code> is member of <code>list@</code>, then <code>user@</code> will receive duplicate email.</p>
<p><strike>
Currently, we don't have Postfix parameter <code>receive_override_options=</code> set in
<code>/etc/postfix/main.cf</code>, instead, we have it in transport <code>127.0.0.1:10025</code>
(Amavisd) like this:</p>
<pre><code># Part of file: /etc/postfix/master.cf

127.0.0.1:10025 inet n  -   -   -   -  smtpd
    ...
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
</code></pre>
<p>Without <code>receive_override_options=no_address_mappings</code> in <code>main.cf</code>:</p>
<ul>
<li>
<p>Postfix will enable canonical address mapping, virtual alias map expansion,
  address masquerading, and automatic BCC (blind carbon-copy) recipients
  <strong>BEFORE</strong> injecting emails to content filter (Amavisd, in our case). For
  example, if you forward email to 3 email addresses, Postfix will expand the
  original recipient to 3 recipients, then Amavisd will get 3 emails for
  scanning. But with <code>receive_override_options=no_address_mappings</code>, Postfix
  won't expand original recipient to 3 addresses, and Amavisd gets only 1 email
  for scanning. It slightly improves mail server performance.</p>
</li>
<li>
<p>If a blacklisted sender (stored in Amavisd SQL database, not in
  Policyd/Cluebringer) sends email to user who forwards email to other
  addresses, Amavisd will quarantine the one sent to original recipient, but
  bypass emails sent to forwarded addresses.</p>
</li>
</ul>
<p>Please apply below steps to fix above issues:</p>
<ul>
<li>Add <code>receive_override_options</code> in Postfix with below shell command:</li>
</ul>
<pre><code># postconf -e receive_override_options='no_address_mappings'
</code></pre>
<ul>
<li>Open file <code>/etc/postfix/master.cf</code> (On Linux/OpenBSD) or
  <code>/usr/local/etc/postfix/master.cf</code> (on FreeBSD), find setting for transport
  <code>127.0.0.1:10025</code>, remove <code>no_address_mappings</code> for its
  <code>receive_override_options</code> option:</li>
</ul>
<pre><code># Part of file: /etc/postfix/master.cf

# ORIGINAL setting
#    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

# MODIFIED setting
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
</code></pre>
<ul>
<li>Restart Postfix service.</li>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If you want to disable <code>content_filter=</code> in Postfix, please
comment out <code>receive_override_options=</code> in Postfix config file <code>main.cf</code> too,
otherwise canonical address mapping, virtual alias map expansion, address
masquerading, and automatic BCC (blind carbon-copy) recipients will not work.</p>
</div>
<p></strike></p>
<h3 id="fix-improper-file-permission-of-amavisd-config-file">Fix improper file permission of Amavisd config file</h3>
<p><strong>NOTE</strong>: This step is applicable to only Red Hat/CentOS 6.</p>
<p>Amavisd config file <code>/etc/amavisd/amavisd.conf</code> must be owned by group <code>amavis</code>,
otherwise after you upgraded to Red Hat/CentOS 7, Amavisd service cannot start.</p>
<pre><code># chgrp amavis /etc/amavisd/amavisd.conf
</code></pre>
<h3 id="fix-incorrect-setting-to-enable-daily-cron-job-to-update-spamassassin-rules">Fix incorrect setting to enable daily cron job to update SpamAssassin rules</h3>
<p><strong>NOTE</strong>: This step is applicable to only Debian and Ubuntu.</p>
<p>Please update file <code>/etc/default/spamassassin</code> to set <code>CRON=1</code>, so that
SpamAssassin daily cron job will update SpamAssassin rules automatically.</p>
<pre><code># Part of file: /etc/default/spamassassin

CRON=1
</code></pre>
<h3 id="optional-enable-global-sieve-script-in-dovecot-to-move-spam-to-junk-folder-by-default">[OPTIONAL] Enable global sieve script in Dovecot to move spam to Junk folder by default</h3>
<p>Note: this is an optional step.</p>
<p>Please follow our separate tutorial <a href="./move.detected.spam.to.junk.folder.html">here</a>.</p>
<h2 id="openldap-backend-special">OpenLDAP backend special</h2>
<h3 id="fix-improper-ldap-query-command-in-domain-transport-query-file">Fix improper LDAP query command in domain transport query file</h3>
<p>NOTE: This step is wrong, please do not apply it. If you already applied it,
please revert your changes.</p>
<p><strike>
Please open file <code>/etc/postfix/ldap/transport_maps_domain.cf</code> (on Linux/OpenBSD)
or <code>/usr/local/etc/postfix/ldap/transport_maps_domain.cf</code> (on FreeBSD), add
additional LDAP filter <code>(!(domainBackupMX=yes))</code> in <code>query =</code> parameter:</p>
<pre><code># Part of file: /etc/postfix/ldap/transport_maps_domain.cf

# OLD setting
#query_filter    = (&amp;(objectClass=mailDomain)(accountStatus=active)(enabledService=mail)(|(domainName=%s)(domainAliasName=%s)))

# NEW setting
query_filter    = (&amp;(objectClass=mailDomain)(accountStatus=active)(enabledService=mail)(|(domainName=%s)(domainAliasName=%s))(!(domainBackupMX=yes)))
</code></pre>
<p>Restarting Postfix service is required.
</strike></p>
<h3 id="add-new-ldap-values-for-existing-mail-users">Add new LDAP values for existing mail users</h3>
<p>We will add new LDAP attribute/value pair for existing mail users:
<code>enabledService=indexer-worker</code>. It's used by Dovecot.</p>
<ul>
<li>Download below python script to adding new values for existing mail users.</li>
</ul>
<pre><code># cd /root/
# wget https://github.com/iredmail/iRedMail/raw/1.0/update/ldap/updateLDAPValues_087_to_090.py
</code></pre>
<ul>
<li>Open downloaded file <code>updateLDAPValues_087_to_090.py</code>, set LDAP server related
settings in this file. For example:</li>
</ul>
<pre><code># Part of file: updateLDAPValues_087_to_090.py

uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
bind_pw = 'passwd'
</code></pre>
<p>You can find required LDAP credential in iRedAdmin config file or <code>iRedMail.tips</code>
file under your iRedMail installation directory. Using either
<code>cn=Manager,dc=xx,dc=xx</code> or <code>cn=vmailadmin,dc=xx,dc=xx</code> as bind dn is ok.</p>
<ul>
<li>Execute this script, it will add required data:</li>
</ul>
<pre><code># python updateLDAPValues_087_to_090.py
</code></pre>
<p>That's all.</p>
<h3 id="add-index-for-sql-column-in-amavisd-database">Add index for SQL column in <code>amavisd</code> database</h3>
<p>We need indexes for some SQL columns in <code>amavisd</code> database:
<code>policy.policy_name</code>, <code>msgs.spam_level</code>. Both are used by iRedAdmin-Pro.</p>
<p>Now connect to SQL server as MySQL root user, create new columns, add required INDEX:</p>
<pre><code>$ mysql -uroot -p
mysql&gt; USE amavisd;
mysql&gt; ALTER TABLE policy MODIFY COLUMN policy_name VARCHAR(255) NOT NULL DEFAULT '';
mysql&gt; CREATE UNIQUE INDEX policy_idx_policy_name ON policy (policy_name);
mysql&gt; CREATE INDEX msgs_idx_spam_level ON msgs (spam_level);
</code></pre>
<h2 id="mysql-backend-special">MySQL backend special</h2>
<h3 id="fix-improper-sql-query-command-in-domain-transport-query-file">Fix improper SQL query command in domain transport query file</h3>
<p>NOTE: This step is wrong, please do not apply it. If you already applied it,
please revert your changes.</p>
<p><strike>
Please open file <code>/etc/postfix/mysql/transport_maps_domain.cf</code> (on Linux/OpenBSD)
or <code>/usr/local/etc/postfix/mysql/transport_maps_domain.cf</code> (on FreeBSD), add
additional SQL statement <code>AND backupmx=0</code> in <code>query =</code> parameter:</p>
<pre><code># Part of file: /etc/postfix/mysql/transport_maps_domain.cf

# OLD setting
#query       = SELECT transport FROM domain WHERE domain='%s' AND active=1

# NEW setting
query       = SELECT transport FROM domain WHERE domain='%s' AND active=1 AND backupmx=0
</code></pre>
<p>Restarting Postfix service is required.
</strike></p>
<h3 id="add-and-remove-sql-columns-in-vmail-and-amavisd-databases">Add and remove SQL columns in <code>vmail</code> and <code>amavisd</code> databases</h3>
<ul>
<li>
<p>We need new SQL columns in <code>vmail</code> database: <code>mailbox.enableindexer-worker</code>,
  it's used by Dovecot.</p>
</li>
<li>
<p>We need new indexes for some 2 columns in <code>amavisd</code> database:
  <code>policy.policy_name</code>, <code>msgs.spam_level</code>. Both are used by iRedAdmin-Pro.</p>
</li>
</ul>
<p>Now connect to SQL server as MySQL root user, create new columns, add required
indexes:</p>
<pre><code>$ mysql -uroot -p
mysql&gt; USE vmail;
mysql&gt; ALTER TABLE mailbox ADD COLUMN `enableindexer-worker` TINYINT(1) NOT NULL DEFAULT 1;
mysql&gt; ALTER TABLE mailbox ADD INDEX (`enableindexer-worker`);

mysql&gt; USE amavisd;
mysql&gt; ALTER TABLE policy MODIFY COLUMN policy_name VARCHAR(255) NOT NULL DEFAULT '';
mysql&gt; CREATE UNIQUE INDEX policy_idx_policy_name ON policy (policy_name);
mysql&gt; CREATE INDEX msgs_idx_spam_level ON msgs (spam_level);
</code></pre>
<h2 id="postgresql-backend-special">PostgreSQL backend special</h2>
<h3 id="fix-improper-sql-query-command-in-domain-transport-query-file_1">Fix improper SQL query command in domain transport query file</h3>
<p>NOTE: This step is wrong, please do not apply it. If you already applied it,
please revert your changes.</p>
<p><strike>
Please open file <code>/etc/postfix/pgsql/transport_maps_domain.cf</code> (on Linux/OpenBSD)
or <code>/usr/local/etc/postfix/pgsql/transport_maps_domain.cf</code> (on FreeBSD), add
additional SQL statement <code>AND backupmx=0</code> in <code>query =</code> parameter:</p>
<pre><code># Part of file: /etc/postfix/pgsql/transport_maps_domain.cf

# OLD setting
#query       = SELECT transport FROM domain WHERE domain='%s' AND active=1

# NEW setting
query       = SELECT transport FROM domain WHERE domain='%s' AND active=1 AND backupmx=0
</code></pre>
<p>Restarting Postfix service is required.
</strike></p>
<h3 id="add-and-remove-sql-columns-in-vmail-and-amavisd-databases_1">Add and remove SQL columns in <code>vmail</code> and <code>amavisd</code> databases</h3>
<ul>
<li>
<p>We need new SQL columns in <code>vmail</code> database: <code>mailbox.enableindexer-worker</code>,
  it's used by Dovecot.</p>
</li>
<li>
<p>We need new indexes for some 2 columns in <code>amavisd</code> database:
  <code>policy.policy_name</code>, <code>msgs.spam_level</code>. Both are used by iRedAdmin-Pro.</p>
</li>
</ul>
<p>Now connect to SQL server as PostgreSQL admin user, create new columns, add
required indexes:</p>
<pre><code># su - postgres
$ psql -d vmail
sql&gt; ALTER TABLE mailbox ADD COLUMN &quot;enableindexer-worker&quot; INT2 NOT NULL DEFAULT 1;
sql&gt; CREATE INDEX idx_mailbox_enableindexer_worker ON mailbox (&quot;enableindexer-worker&quot;);

sql&gt; \c amavisd;
sql&gt; ALTER TABLE policy ALTER COLUMN policy_name TYPE varchar(255);
sql&gt; CREATE UNIQUE INDEX policy_idx_policy_name ON policy (policy_name);
sql&gt; CREATE INDEX msgs_idx_spam_level ON msgs (spam_level);
</code></pre><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>